[Zope] Password Problem

Jens Vagelpohl jens@zope.com
Thu, 5 Sep 2002 13:07:35 -0400


could you provide some more information, like the versions of the 
products you are using and the zope version?

jens


On Thursday, Sep 5, 2002, at 02:36 US/Eastern, Ashish Gautam wrote:

> hi,
> I am using openLDAP server for authentication.UserName password and 
> group
> information is stored in openLDAP.
> I am using LDAPUserFolder Product.
> I have provided a facility for user to change the password.
>
> When user changes password in my site, then zope loggs him out after
> sometime.
>
> Password change is reflected in openLDAP.
>
> To my knowledge the problem is:
>
> When user loggs-in Zope sets a cookie on client side containing 
> username and
> password.
> LDAPUserFolder CACHES the currently authenticated user.
> With every request the cookie is sent and LDAPUserFolder authenticates 
> it
> against the data[username and password] stored in its CACHE.
> After sometime(10 minutes) the LDAPUserFolder purges its cache and 
> reloads
> the data from openLDAP.
> Here lies the problem....since our cookie on client side is still 
> contain
> old password(if password is sent as a cookie)
> With every request we will send old password and now LDAPUserFolder 
> has in
> its cache new password.
>
>
> Any solution is most welcomed,
> Ashish.